more transparent proxy and squid questions.
doron at home.crc.co.za
Fri Jun 13 04:25:57 PDT 2003
You will want to make sure that you have this rule before the divert rule
allow tcp from (live ip address) to any
otherwise squid will go into a forwarding loop. You do not need
ip-transparent if you are using IPFW to do the divert. Oh yes the headers
are from the live ip of the squid box. I know there is a way to pass the
clients ip to the remote site. Check on the squid web page regarding that.
From: owner-freebsd-questions at freebsd.org
[mailto:owner-freebsd-questions at freebsd.org] On Behalf Of Andrew Thomson
Sent: 13 June 2003 09:14 AM
To: freebsd-questions at freebsd.org
Subject: Re: more transparent proxy and squid questions.
oh, and does squid need to be compiled with CONFIGURE_ARGS+=
given the firewall does the divert to the squid box ??
On Fri, Jun 13, 2003 at 05:04:38PM +1000, Andrew Thomson wrote:
> I'm not looking for help at setting this up as such, but rather a better
> understanding of what's happening to the packets in this situation.
> I have a freebsd firewall/gateway box.
> I then fwd the port 80 requests to the squid box on port 3128
> squid then i imagine process the request.. does squid then make the same
> http request with it's ip as the source?
> perhaps an illustration might be helpful.
> wall/gwy = 192.168.1.1
> squid = 192.168.1.2
> user = 192.168.1.3
> user makes an http request.
> ipfw rule on wall diverts to squid:
> ipfw add 50 fwd 192.168.1.2,3128 tcp from any to any 80
> does squid then make the request with it's ip?
> thus we'd need something like,
> ipfw add 45 allow tcp from 192.168.1.2 to any 80
> squid updates the cache/passes the data back to the user??
> freebsd-questions at freebsd.org mailing list
> To unsubscribe, send any mail to
"freebsd-questions-unsubscribe at freebsd.org"
freebsd-questions at freebsd.org mailing list
To unsubscribe, send any mail to "freebsd-questions-unsubscribe at freebsd.org"
More information about the freebsd-questions